KU2, KU3, KU4: You need to create a pair of keys for the application computer. If you use an active and a passive application computer, both application computers use the same pair of keys, since these computer systems are addressed under the same host name.
The pair of keys of the application computer must be assigned to the application computer. When the pair of keys is created, the distinguished name of the application computer is specified for this assignment.
If you use an active and a passive application computer, you need to execute the following steps on one of the application computers only.
Certificates and keys are stored in the so-called keystore of a computer system. Creating such a keystore for accessing it later requires a keystore password. To protect the keystore from unauthorized access, the password should be generated randomly.
Each pair of keys of a keystore can also be protected from unauthorized access by a key password. This key password, however, must usually correspond to the keystore password.
How to Create a Pair of Keys for the Application ComputerParent topic: Certificate Strategy Overview
KU2, KU3, KU4: Sign the certificate sign request with the certificate authority .
How to Create Certificate Sign Requests
KU2, KU3, KU4: The newly created pair of keys for the application computer must be signed by a certificate authority. To this, a Certificate Si gn Request (CSR) must be created for this pair of keys.